I do agree -- having a Perl virus developed may be hazardous. However, I also feel there are two sides of the story.

Virii have been a problem for some time, and have been developed in all sorts of languages. There are already PHP viruses. With that in mind, it would seem likely that eventually, someone would write a virus in Perl, it's just a matter of when.

I don't feel that security by "ignoring it and hoping it goes away" would be a good long term solution. Is there anything that could ever be done to prevent a Perl virus from running? I don't really know. However, I would much rather have this opportunity to discuss the matter with the reasonable, intelligent people who frequent this site (not to be confused with "reasonably intelligent people", found at various other sites ;-), then run around trying to clean up the mess after it happens in the future, and THEN having this discussion :-)

So opening things wide open -- is there anything that could be done with Perl to prevent a Perl virus from doing damage? It seems extremely difficult, and I don't know any other language that has figured out a way around this. But if any language could develop a system to aid in prevention, it would be Perl!

tye, I'm not dissagreeing with you per-se. I suppose that I just feel that since it's going to happen anyway, that perhaps it would be easier to attempt to deal with the issue now. I'm just glad it was a monk offering code up for review, and not one of my users trying it out on my system. But perhaps this should be a non-public discussion -- I'll leave that up to you guys :-)
-Eric

Update: BTW, is there a system for non-public discussion on this site? Password protected forums, forums that require a particular level, etc?

Update 2: After seeing lemming's post, I changed all referenced of "virii" to "viruses", which is apparently the correct usage. Thanks Lemming :-)

Is there anything that could ever be done to prevent a Perl virus from running?

Well, I would like to offer my suggestions.

Make an unprivileged user and call it "scriptGuy" or something

Remove all of that users privileges everywhere, and I mean EVERYWHERE.

Begin restoring privileges to that user on a need-by-need basis until it becomes a semi-usable account

Run all scripts as that user

Never run code found in the wild without understanding it or, at least, trusting the source from which it came

Now, this discussion is going to easily turn into a general discussion on computer security (i.e. shut off ftp and telnet, use ipchains, etc., etc.). But, that might not be such a bad discussion to have.

To clarify, discussing viruses and even producing a virus can be important research. Releasing the code to the world as part of the research is a big mistake in my book. It is the inclusion of the code that I object to, especially in a public place such as this.

And I'm not claiming that hiding this one bit of code will stop the creation of viruses. I am worried that not hiding it could cause the creation of a virus. That is, speed up the creation of a virus or increase the number of such viruses.

This is not a security measure. This is a moral decision to not contribute to the creation of a virus. Sure, think about it and talk about it, but don't hand out seeds to the world. Sure, some virus will probably come along eventually but I don't want to have had a hand in its developoment!